A curated list of AWS resources to prepare for the AWS Certifications
A curated list of awesome AWS resources you need to prepare for the all 5 AWS Certifications. This gist will include: open source repos, blogs & blogposts, ebooks, PDF, whitepapers, video courses, free lecture, slides, sample test and many other resources.
Index:
- Passing the AWS solutions architect - Associate exam (Published ☑)
- Exam Overview
- Prerequisites
- General Learning Material
- Blueprints exam
- Direct experience from AWS Certified members
- The exam
- Passing the AWS solutions architect - Professional exam (Coming soon...)
- Exam Overview
- Prerequisites
- General Learning Material
- Blueprints exam
- Direct experience from AWS Certified members
- The exam
- Passing the AWS SysOps Administrator Certification (Coming soon...)
- Exam Overview
- Prerequisites
- General Learning Material
- Blueprints exam
- Direct experience from AWS Certified members
- The exam
- Passing the AWS DevOps Engineer Certification(Coming soon...)
- Exam Overview
- Prerequisites
- General Learning Material
- Blueprints exam
- Direct experience from AWS Certified members
- The exam
- Passing the AWS Developer Certification (TBD)
- Exam Overview
- Prerequisites
- General Learning Material
- Blueprints exam
- Direct experience from AWS Certified members
- The exam
You will find you make less errors when you don’t feel rushed on time.
The AWS Certified Solutions Architect – Associate exam is intended for individuals with experience designing distributed applications and systems on the AWS platform.
Exam concepts you should understand for this exam include:
- Designing and deploying scalable, highly available, and fault tolerant systems on AWS
- Lift and shift of an existing on-premises application to AWS
- Ingress and egress of data to and from AWS
- Selecting the appropriate AWS service based on data, compute, database, or security requirements
- Identifying appropriate use of AWS architectural best practices
- Estimating AWS costs and identifying cost control mechanisms
Candidate Overview description provided by the AWS documentation
Eligible candidates for this exam have:
- One or more years of hands-on experience designing available, cost efficient, fault tolerant, and scalable distributed systems on AWS
- In-depth knowledge of at least one high-level programming language
- Ability to identify and define requirements for an AWS-based application
- Experience with deploying hybrid systems with on-premises and AWS components
- Capability to provide best practices for building secure and reliable applications on the AWS platform
AWS Knowledge required for the Exam:
- Hands-on experience using compute, networking, storage, and database AWS services
- Professional experience architecting large-scale distributed systems
- Understanding of elasticity and scalability concepts
- Understanding of the AWS global infrastructure
- Understanding of network technologies as they relate to AWS
- A good understanding of all security features and tools that AWS provides and how they relate to traditional services
- A strong understanding of client interfaces to the AWS platform
- Hands-on experience with AWS deployment and management services
Key items you should know before you take the exam:
- How to configure and troubleshoot a VPC inside and out, including basic IP subnetting. VPC is arguably one of the more complex components of AWS and you cannot pass this exam without a thorough understanding of it.
- The difference in use cases between Simple Workflow (SWF), Simple Queue Services (SQS), and Simple Notification Services (SNS).
- How an Elastic Load Balancer (ELB) interacts with auto-scaling groups in a high-availability deployment.
- How to properly secure a S3 bucket in different usage scenarios
- When it would be appropriate to use either EBS-backed or ephemeral instances.
- A basic understanding of CloudFormation.
- How to properly use various EBS volume configurations and snapshots to optimize I/O performance and data durability.
General IT Knowledge preferred for the Exam:
- Excellent understanding of typical multi-tier architectures: web servers, caching, application servers, load balancers, and storage
- Understanding of Relational Database Management System (RDBMS) and NoSQL
- Knowledge of message queuing and Enterprise Service Bus (ESB)
- Familiarity with loose coupling and stateless systems
- Understanding of different consistency models in distributed systems
- Knowledge of Content Delivery Networks (CDN)
- Hands-on experience with core LAN/WAN network technologies
- Experience with route tables, access control lists, firewalls, NAT, HTTP, DNS, IP and OSI Network
- Knowledge of RESTful Web Services, XML, JSON
- Familiarity with the software development lifecycle
- Work experience with information and application security concepts, mechanisms, and tools
- Awareness of end-user computing and collaborative technologies
- Solutions Architect—Associate Certification for AWS (2016)
- A Guide to AWS Certification Exams
- AWS Solutions Architect Certification
- AWS Certified Solutions Architect Associate Exam
- AWS Certification Exams: What to expect
- Preparing for the AWS Solutions Architect Associate Exam - Webinar
- AWS CLI: 10 Useful Commands You May Not Know
- How I Got 5 AWS Certifications: continuous learning with AWS
- Amazon AWS Certified Solutions Architect: What to Study, Tips and Resources
- AWS re:Invent 2015 | (ARC301) Scaling Up to Your First 10 Million Users
- AWS re:Invent 2015 | (CMP302) Amazon ECS: Distributed Applications at Scale
- AWS re:Invent 2014 | (SDD413) Amazon S3 Deep Dive and Best Practices
- AWS re:Invent 2015 | (DVO203) A Day in the Life of a Netflix Engineer
- Study guide for AWS Certification - GitHub Repo
- An app to track white AWS white papers I have read in preparation for architect certification.
- Prepare for AWS Certifications - Webinar
- AWS Certifications for Teams - Webinar
In this AWS whitepaper you'll find a sample exam. Here's a preview:
- Amazon Glacier is designed for: (Choose 2 answers)
A. active database storage.
B. infrequently accessed data.
C. data archives.
D. frequently accessed data.
E. cached session data.
(Answer: B. infrequently accessed data. C. data archives.)
- Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You
configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health
checks, which statement will be true?
A. The instance is replaced automatically by the ELB.
B. The instance gets terminated automatically by the ELB.
C. The ELB stops sending traffic to the instance that failed its health check.
D. The instance gets quarantined by the ELB for root cause analysis.
(Answer: C. The ELB stops sending traffic to the instance that failed its health check.)
- You are building a system to distribute confidential training videos to employees. Using CloudFront, what
method could be used to serve content that is stored in S3, but not publically accessible from S3
directly?
A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
B. Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
(Answer: A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.)
In this amazing post Markos Rendell gave a deep explanation to every single AWS question.
Here are some general observations by Miha Kralj in this great post.
- There were several questions related to DR solutions with specified RPO/RTO times. Modern cloud-born solutions use completely different BCP approach, but hey, someone in AWS really likes traditional disaster recovery scenarios and is making sure that you love them too. I know it is 2016, but you need to learn the old skool BCP techniques for this exam.
- Questions about the AWS Storage Gateway appear at least 3 times. Yeah. Storage Gateway. The stuff that cloud-native architects never saw in action - nor do we want to. You have to learn the difference between Cached Volumes, Stored Volumes and understand how VTL works.
- Lots and lots and lots of questions on deployment management. CloudFormation. Elastic Beanstalk. OpsWorks. Learn these three technologies well - not well for an architect, but well for a 2nd-tier escalation operations engineer. One of the examiners really really really liked cloud deployment automation. And now you will like it too. Who cares if you use SaltStack, Terraform or Ansible - learn CF, Beanstalk and OpsWorks!
- Networking questions were everywhere, like 30% of the test or even more: VPN/DirectConnect/VPC peering. For me, DDOS protection, WAF, Cloudfront, and SSL/TLS stuff is networking too, although AWS treats them as security issues. Anyway, the examiners *love* networking. Learn networking. I mean, learn it like this is a Cisco exam, not a cloud architecture exam. Federated access, SAML, IAM roles and all possible AuthZ/AuthN scenarios - learn them all. Learn how IAM policies work. How cross-account trust works. And specifically how they don't work. Think like troubleshooting support personnel and what they need to know about identity flows; that's what you need to know for this exam.
- Whenever you see the need for high-performing scalable solution, the answer is always DynamoDB. Even if you think that architecturally there might be a better choice (Cassandra, or CouchDB anyone?), the correct answer will be DynamoDB. People that wrote the test were clearly in love with DynamoDB, Elasticache and Kinesis. Just pick the answer that includes all three of them and you'll be right.
- If a scenario is asking for something cheap (cost-effective), the answer must include spot instances, SQS for throttling and perhaps S3 RRS or Glacier.
- There were at least two questions where I was simply forced to propose the AWS Data Pipeline. Yeah, the obscure and rarely-seen Data Pipeline service, in the age when Lambda solves the same problem way more efficiently. No, Lambda was not an option at all and it didn't appear anywhere in the test.
First of all, associate certifications are not hard, and if you have a chance to take the AWS training, then you just need to concentrate on reading the training slides is more than enough! Remember to read the details explanation under the slides. Good understanding of VPC and IAM is important for all associate exams.
--
Dan-Claudiu Dragos shared his experience here on how he prepared for the AWS Solutions Architect Certifications in 7 days and succesfully passed it.
I'd like to share my experience of getting AWS CSA(A) certified with Cloud Academy:
The background:
- I have registered my personal AWS account late 2014 and still do not do much with it. Without a professional motivator this is actually a dead end, more like buying a book and never reading it.
- Mid-2015 I started doing DevOps work for a customer of my employer. They have a 1000+ node AWS environment that was fully configured with multiple VPCs, VPN access, IAM groups and the like. That become my playground and was the actual game changer, the single big detail that made the difference, certification-wise.
The process:
- Late April 2016 I have found the r/sysadmin (reddit) message with one month promotion by Cloud Academy. At that point I did not know anything about the AWS certifications but the seed got planted. I found the message a bit late, though, when the seats were already filled up, so did not register at that time.
- During the first week or so afterwards I was a bit confused, did not know what path to take. My first intention was to go to the Sysops cert but then I read on the Cloud Academy page that there is a big overlap with the "simpler" Architecture certification.
- By looking around I have found some course recordings from 2 years ago (don't ask) and listened to them for a total of 14 to 16 hours (not sure about this detail). They helped me get in the right mood to start doing tests, quizes, practice stuff...
- Mid-May, I register myself with Cloud Academy and get the 7 days trial. Well, I did the best out of that - my public profile says I have completed 1600+ quizes and got 35,000+ karma during that time. I have taken every quiz from the then AWS CSA(A) learning path multiple times until I got my score above 90%. The EC2/EBS quizes were quite easy, actually, with my experience; the S3 and IAM ones were average and Cloud Academy helped me fill in many blanks in that area. The database ones (DynamoDB and RDS) were the hardest and I had to open a lab to see how things were done and what concepts were important.
- In the last 3 days of the trial I have taken the 150+ questions exam at the end of the learning path and got 75% on the first try. I have taken it 2 or 3 more times, but as I started to remember questions I no longer considered it that useful to figure out what I still don't know.
- By that time I have also started to read white papers from Amazon on topics that were lightly touched by Cloud Academy, e.g. EBS RAID configurations and Route 53 special record types, health checks and failovers.
- I also got 4 apps from the Google Play Store, I found "AWS Architect - Associate" and "Cloud Pros- AWS Certified Arch" best. At that point I was already above the 90% passing threshold, though, and could not find many questions online I could not provide the expected correct answer to.
- I have also taken the practice exam from Amazon (a $20 cost). Please note that the questions do not change so taking it once and taking photos of the screen really helps on figuring out the failed questions. Nevertheless, I got 90% and scheduled myself a slot for "the real thing".
- May 27th - I went to the testing center and passed the AWS CSA(A) exam with 83%; I assume this is an average passing score. Amazon doesn't tell what is the failing threshold, but tells you how well you did in 4 areas (I had 80-85-90% in all of them).
On the exam itself:
- I got one question from the sample questions and one from the practice exam; they were on the simpler side.
- 33% are "easy", in the sense that fall in the "is water wet? true/false" type - relative to the AWS concepts, though.
- 33% are "average", more like "what feels wetter, water or oil?"
- 33% are hard or even crazy, covering all sorts of service details or requiring you to provide answers in the line of Amazon recommendations regarding certain service usage.
- About half of them are multiple answer, with no partial points given.
- Oh, don't look for dumps, Amazon has hundreds of possible questions out of which a subset is being given for each exam, there simply is no way to pass such exam with brain dumps, so forget it.
That's it. I'm the number 16.891, not sure if this is small or big, or even if it matters.
A redditor on r/aws gave awesome tips about the exam day Exam Registration fee is USD 150
You have 80 minutes to complete a 40 quizzes exam. Most of the questions are up to 3 lines long in the multiple choice format. You should consider no more than 1.5/2 minutes per question if you want to read each question carefully and answer to all of them correctly.
It's possible to set a question for review and skip, you can get back to what you marked in this way at the end.
Now you're ready to go. Here's where you book your exam!
Good Luck!

